Re: vlan/bridging broken in 4.8-release?

2003-05-27 Thread Marco Wertejuk 
Hello Maxim,

today I've tried your hack and it works, at least it seems so.

It was not exactly the same setup but nearly the same.
The bridge has two interfaces (fxp0, fxp1) and
one host is connected to each interface (using crosslink
cables, no other networking devices such as broken HP
ProCurve switches).
The host on fxp1 (10.10.10.16) does not use vlans,
the host on fxp0 (10.10.10.18) is in vlan id 1.

tcpdump -tni fxp0, fxp1, vlan0:
(yes 10.10.10.18 has a strange mac address, because
of a broken fxp0 card I guess ;)

6:0:ff:1:6:0 ff:ff:ff:ff:ff:ff 0806 56: arp who-has 10.10.10.16 tell 10.10.10.18
0:d0:b7:17:5:78 6:0:ff:1:6:0 0806 60: arp reply 10.10.10.16 is-at 0:d0:b7:17:5:78
6:0:ff:1:6:0 0:d0:b7:17:5:78 0800 98: 10.10.10.18  10.10.10.16: icmp: echo request
0:d0:b7:17:5:78 6:0:ff:1:6:0 0800 98: 10.10.10.16  10.10.10.18: icmp: echo reply
6:0:ff:1:6:0 ff:ff:ff:ff:ff:ff 8100 60: 802.1Q vlan#1 P0 arp who-has 10.10.10.16 tell 
10.10.10.18
0:d0:b7:17:5:78 6:0:ff:1:6:0 8100 64: 802.1Q vlan#1 P0 arp reply 10.10.10.16 is-at 
0:d0:b7:17:5:78
6:0:ff:1:6:0 0:d0:b7:17:5:78 8100 102: 802.1Q vlan#1 P0 10.10.10.18  10.10.10.16: 
icmp: echo request
0:d0:b7:17:5:78 6:0:ff:1:6:0 8100 102: 802.1Q vlan#1 P0 10.10.10.16  10.10.10.18: 
icmp: echo reply
6:0:ff:1:6:0 0:d0:b7:17:5:78 0800 98: 10.10.10.18  10.10.10.16: icmp: echo request
0:d0:b7:17:5:78 6:0:ff:1:6:0 0800 98: 10.10.10.16  10.10.10.18: icmp: echo reply
6:0:ff:1:6:0 0:d0:b7:17:5:78 8100 102: 802.1Q vlan#1 P0 10.10.10.18  10.10.10.16: 
icmp: echo request
0:d0:b7:17:5:78 6:0:ff:1:6:0 8100 102: 802.1Q vlan#1 P0 10.10.10.16  10.10.10.18: 
icmp: echo reply

Two pings were send successfully with your hack and I
guess everything else would work too, but I have no
time for further testing, maybe the people who wrote
the PR have more time ...

Please make a real patch out of your hack and get it
commited into -stable because I still want to use it
for one of my customers :)

Hopefully I did not forget anything in this email :)

-- 
Mit freundlichen Gruessen,
Marco Wertejuk - mwcis.com
Consulting  Internet Solutions
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to [EMAIL PROTECTED]

rtadvd bugfix?

2002-02-01 Thread Marco Wertejuk 

Hello,

I was really nerved when I noticed that rtadvd is exiting
without any notice if the host is not an ipv6 gateway.

Since it took me a lot of time to find this problem
I wrote a patch for rtadvd to show a message and 
noticed something strange: 
rtadvd won't exit even if ipv6 forwarding is not
enabled, take a look at this patch. (attachement)
Watch out for the changed if-condition.

Is that really a bug ?
The patch works fine for on freebsd 4.5-stable
using kame version 20010528/FreeBSD.

-- 
Mit freundlichen Gruessen,
Marco Wertejuk - mwcis.com
Computer/Internet/Security-Services


*** config.c.orig   Tue Jul  3 11:02:14 2001
--- config.cSat Feb  2 02:03:32 2002
***
*** 124,131 
  
/* check if we are allowed to forward packets (if not determined) */
if (forwarding  0) {
!   if ((forwarding = getinet6sysctl(IPV6CTL_FORWARDING))  0)
exit(1);
}
  
/* get interface information */
--- 124,133 
  
/* check if we are allowed to forward packets (if not determined) */
if (forwarding  0) {
!   if ((forwarding = getinet6sysctl(IPV6CTL_FORWARDING)) = 0) {
!   fprintf (stdout, rtadvd: ipv6 forwarding is disabled\n);
exit(1);
+   }
}
  
/* get interface information */

Re: cipe under freebsd

2001-11-13 Thread Marco Wertejuk 

Hello,

On Tue, Nov 13, 2001 at 11:16:08AM +0100, Martin Vana wrote:
| hi,
| I need to set up a packet tunnel for 
| two win boxes connected to the same
| localnetwork which is terorized by
| firewall. 
| Someone recommends me cipe
| is there something like it for freebsd?

tunneling and ipsec are basically supported within
latest freebsd versions (and even before 4.4-release)

| How could I tell the two win boxes
| to send all their traffic to bsdbox?

Although it does not belong to this list,
you should enable packet forwarding on your freebsd
box (gateway_enable=yes in rc.conf, see documentation)
and then tell your windows pc's to use the freebsd box
as default gateway.

-- 
Mit freundlichen Gruessen,
Marco Wertejuk - mwcis.com
Computer/Internet/Security-Services

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-hackers in the body of the message

Re: Boot proccess

2001-09-19 Thread Marco Wertejuk 

Hello,

| In short, which program gives enough knowledge to the microprocessor (?)
| and allow him to use kern.flp  mfsroot.flp in order to boot and make the
| operating system running.

your BIOS reads the first sektor from your floppy which consists
of a boot loader, which usually loads the 2nd step boot loader
and this one loads the kernel.

-- 
Mit freundlichen Gruessen,
Marco Wertejuk - mwcis.com
Computer/Internet/Security-Services

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-hackers in the body of the message

Re: Flow cache on FreeBSD?

2001-09-04 Thread Marco Wertejuk 

Hello,

| Yes. Please go and find the NeTraMet package on the web - it should

NeTraMet is in the ports so you don't have to search it
on the web: /usr/ports/net/NeTraMet/

-- 
Mit freundlichen Gruessen,
Marco Wertejuk - mwcis.com
Computer/Internet/Security-Services

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-hackers in the body of the message

Re: memory + apache

2001-08-28 Thread Marco Wertejuk 

Hello Dan,

have you tried tuning apache's MaxRequestsPerChild Value ?

Although it doesn't seem to be a memory leak, tweaking
this value causes old apache threads to be closed.

Maybe you can try this and report the results.

-- 
Mit freundlichen Gruessen,
Marco Wertejuk - mwcis.com
Computer/Internet/Security-Services

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-hackers in the body of the message

bridging on specific devices

2001-05-07 Thread Marco Wertejuk 

Hello,

I'm using 4.2 release and i need bridging.
Luigi tells in the manpage that the option
to select specific devices for bridging is
still in development.

Does anybody know how far this work is done
in 4.3 stable ?

I need this feature very urgently, and all
of my experiments with net.link.ether.bridge_cfg
didn't work because the bridge was either
completely deactived or active on all
interface and not just the desired ones.

Regards,
Marco

-- 
Mit freundlichen Gruessen,
Marco Wertejuk
Computer/Internet/Security-Services

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-hackers in the body of the message